skip to Main Content


Profiling the Attacker – Using Offender Profiling In SOC Environments

By : James Stevenson (@_JamesStevenson)

It’s been said ‘‘Intrusion analysis is as much about tcpdump as astronomy is about telescopes”. Understanding who is attacking your or a customer’s network and why is just as important as analyzing the packets on it. This slot will focus on a technical offender profiling framework that can be used to build a knowledge base on malicious actors. This talk will delve into the following areas: – Building an information classification for your assets – Attack significance plotting – Attack factor comparison analysis – Discerning motive – Attacker kill chain analysis – Malicious actor profile checklist – Naming conventions for malicious actors


James Stevenson is a computer security graduate and software engineer for BT Security and has previously worked as a security analyst for the cloud security company Alert Logic. He is also a speaker at security conferences on topics from offender profiling to getting into the industry.

Back To Top